NVD HIGH: CVE-2026-6897 — The Wishlist Member plugin for WordPress is vulnerable to unauthorized modificat...
The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\Team_Accounts::save_settings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options, includes the REST API Secret
CVE-2026-6897